Network security is rapidly becoming a crucial task for network administrators. Successful and unsuccessful incidents of hacking worldwide are rising in frequency each year. To combat hacking, firewalls have been developed. A firewall is a gateway (either software and/or hardware) that sits between two networks, buffering and scrutinizing data traffic to prevent malicious hackers from gaining access to computational components in one of the networks. Commonly, one of the networks is the Internet and the other network is a Local Area Network or LAN.
There are five generally accepted types of firewalls used on Internet connections, namely frame-filtering firewalls, packet-filtering firewalls, circuit gateways, stateful and application gateways, and proxy servers. Frame-filtering firewalls filter, to the bit level, the layout and contents of a LAN frame (such as Ethernet/802.3, token ring/802.5, FDDI and others). By providing filtering at this level, frames that do not belong on the trusted network are rejected before they can reach any meaningful computational component, including the firewall itself. A packet-filtering firewall is commonly a router with packet-filtering capabilities or a dedicated device that performs packet-filtering. Circuit gateway firewalls typically monitor session set-up between a system and the user security options relative to that system for a particular user. For instance, a circuit gateway may check user IDs and passwords for a connection request. Other types of circuit firewalls might implement proxy connection authorization or other types of authorization services. Stateful firewalls are intended to combat IP spoofing, session hijacking, piggyback session acquisition, and other types of hacking attacks. A stateful firewall or stateful inspection facility is intelligent enough to watch all transactions between two systems, to understand enough of the details of how the protocol works to identify a specific condition in the transaction between two applications, to be able to predict what should transpire next in the transaction, and to be able to detect when normal operational “states” of the connection are being violated. In this type of firewall, the network security manager can specify rules and filters for specific technical transactions between the systems and applications and what to do if they are violated. Finally, application gateways or proxy firewalls provide protection at the application level. An application gateway firewall uses custom programs for each protected application. When a new application that requires protection is added to the network, a new program has to be written and added to the set of other programs that reside on the firewall. For example, if e-mail is to be protected, a custom e-mail application is written that includes specific security rules (e.g., what type of e-mail is permitted). These custom-written application programs act as both a client and server and effectively serve as proxies to the actual applications. When viewed from the perspective of functionality, an application gateway firewall is the opposite of a packet-filtering firewall, namely the former is application- or program-specific while the latter is general-purpose.
Firewalls have created numerous problems for remote servicing of computational components, such as PBXs and media servers. Internet-based connectivity by service personnel is hindered or even blocked completely by firewalls.
To circumvent the firewall connectivity problem, dial-up connectivity between a product and a service system has been widely implemented. Dial-up connectivity usually requires one dedicated POTS line per supported system plus modems on each end. Dial-up connectivity can be expensive due to the costs of servicing the modems and the ongoing cost of providing a dedicated POTS line. Dial-up connections are typically slow, leading to higher servicing costs. Moreover, dial-up systems commonly lack a high level of security. Hackers continue to attack modems selectively as the weak link in network security.